Detectify launches MCP server to integrate security testing into AI coding workflows
The Detectify MCP Server utilizes the Model Context Protocol (MCP), an open standard adopted across the AI industry for agent-tool communication.
SC Media
20 articles
CypherLoc scareware tricks millions into identity theft traps
The CypherLoc attack begins with a phishing email containing a malicious link or attachment.
Critical vulnerability in Universal Robots' PolyScope OS allows remote command execution
The vulnerability, tracked as CVE-2026-8153 with a CVSS score of 9.8, affects all PolyScope software versions prior to 5.
Zero-day vulnerability in Japanese LMS exploited to deploy Cobalt Strike
The vulnerability, CVE-2026-5426, stems from the use of hard-coded ASP.NET machine keys within the LMS.
The Oncology Institute reports patient data potentially exposed in third-party vendor breach
The Oncology Institute disclosed on May 20, 2026, that Kroll, a third-party administrator for an unnamed vendor, detected unauthorized access to systems that...
Zero-click attack hijacks WhatsApp accounts on iOS 16
The attack exploits vulnerabilities in iOS 16, specifically CVE-2025-43300 within the ImageIO framework and potentially CVE-2025-55177, to gain unauthorized ...
North Korea's Lazarus Group uses new RemotePE malware against financial targets
RemotePE is deployed through a multi-stage attack chain involving two loaders, DPAPILoader and RemotePELoader.
Mainframe Security Gaps: Why Your IAM Strategy is Failing (And How to Fix It) - WC #1
OnlyFans user data advertised on cybercrime forum, seller claims no direct breach
A user on a cybercrime forum is selling a database of 340 million records allegedly linked to OnlyFans users for approximately $76,000.
Ghost CMS vulnerability exploited in large-scale campaign
The vulnerability, identified as CVE-2026-26980, affects Ghost versions 3.24.
RondoDox botnet exploits old ASUS router vulnerability
The RondoDox botnet has been exploiting this vulnerability since May 17, as discovered by VulnCheck's Canary Network.
AppSec Conversations on Agents, LLMs, and OWASP from RSAC - Scott Clinton, Janet Worthington, Merritt Maxim - ASW #384
Visibility with EDR/MDR is still important, 'the basics' are impossible, and the news - Rob Allen - ESW #460
Ubiquiti patches three critical vulnerabilities in UniFi OS
The vulnerabilities, identified as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, allow for unauthorized system changes, path traversal for accessing un...
Cisco warns of AI inaccuracies in security incident reports
Cisco's research highlights several key issues with AI-generated reports, including inconsistency and standardization challenges due to LLMs using different ...
Organizations knowingly ship vulnerable code amid shrinking exploit windows
New research from Checkmarx reveals that 75% of organizations admit to frequently or sometimes deploying code they are aware is vulnerable.
Kash Patel's merchandise site hacked to distribute malware
The attack on Based Apparel, reportedly an attempt to distribute infostealer malware designed to steal user credentials, was first brought to light by a user...
TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet... - SWN #583
Zscaler acquires Symmetry Systems to enhance AI security
The acquisition of Symmetry Systems is expected to bolster Zscaler's cybersecurity offerings, particularly in protecting artificial intelligence applications.
Belarus-linked Ghostwriter group targets Ukraine using Prometheus learning platform lures
Ghostwriter, also known as UAC-0057 and UNC1151, employs a multi-stage attack.